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(57) Abstract 

A digital certificate is formed in a terminal (1) from a digitized representation of a unique biological feature of a registrant. The 
digital representation is signed with the registrant's private encryption key in the terminal (1) and transmitted to a certificate authority 
(25) through a communication network (23). The registrant's identity is verified at a remote registration terminal (43). After identity 
verification, the certificate authority forms the certificate by encrypting the digital signature with the certificate authority's own encrypting 
key in the registration process (24). The certificate is also held in a publicly available directory (4). The document and the certificate are 
then transmitted to a receiving terminal (83). If the sending party denies sending the document, the biological feature can be extracted from 
the certificate and directly compared with the actual biological feature of the sending party in the validation process (26). 
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1 

2 Title: digital signature providing non-repudiation based on biological indicia 



3 

4 FIELD OF THE INVENTION 

5 The present invention relates generally to the field of authentication of electronic 

6 documents, and more particularly to a non-reputable digital signature that allows 

7 authentication of the identity of the sender of a message by comparison with the sender's 

8 unique biological indicia. 
9 

10 BACKGROUND 

1 1 Electronic commerce is rapidly becoming a ubiquitous means of conducting business. 

12 The growing popularity of the Internet and World Wide Web has opened new avenues for the 

1 3 conduct of business. Execution of complicated business transactions electronically present a 

14 number legal and financial problems. 

1 5 Security of electronic transactions is an area of concern because messages transmitted 

1 6 across public networks can be intercepted. A number of encryption methods have been 

1 7 developed which allow a message to be read only by the designated receiver. Using so-called 

1 8 public key encryption, party A sending a message to party B first encrypts the message using 

19 B's public key. B's public key can be freely distributed to anyone B wishes to communicate 

20 with. Only B's private key can decrypt the message. B keeps his private key secret and uses 

21 it to decode the message. If the message is intercepted it cannot be decoded without B's 

22 private key. 

23 The identity of a party transmitting a message executing an electronic transaction is 

24 also of concern, particularly where one of the parties is obliged to perform in the future or is 

25 subject to some future liability. In such transactions it is necessary that the parties not be able 

26 to repudiate the agreement. Also, the identity of the parties must be clearly established so 

27 that each can be assured that the other party is in fact the person it represents to be, and is able 

28 to perform. Further, the identity of the parties may need to be established with a high degree 

29 of certainty to support a legal claim, should one of the parties later attempt to avoid or 

30 repudiate the transaction. 

1 
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1 Digital signatures have been developed to provide a means for identifying a party 

2 transmitting an electronic message. One method for creating digital signatures is to generate 

3 public and private key pairs for each of a group of parties that may wish to exchange digitally 

4 signed documents. Each of the parties stores its public decrypting keys in a registry along 

5 with identifying information, such as the key owner's name and e-mail address. The key 

6 owners each keep their private encrypting keys secret. 

7 To create a digital signature a party encrypts a message with his private encrypting 

8 key that includes the same identifying information that is stored in the registry. The party 

9 receiving the encrypted message goes to the registry and retrieves the sending party's public 

1 0 decrypting key and identifying information. The receiving party decrypts the message using 

1 1 the decrypting key from the registry and extracts the identifying information. If the 

12 identifying information found in the message matches the information stored in the registry 

1 3 then the receiving party concludes that the message is genuine. Further, there is some 

14 assurance that the sending party will not deny that he sent the message since only the sending 

1 5 party's private encrypting key can create a message that the sending party's public decrypting 

16 key can decode. A discussion of known digital signature techniques may be found, for 

1 7 example, in Meyer, Carl H. and Matyas, Stephen M., Cryptography, Chapter 9, pp. 386-427, 

1 8 John Wiley & Sons, 1 982. 



1 9 Known digital signature techniques suffer from certain problems. A third party may 

20 intercept a signed message and use the signed message to spoof another party. By 

21 retransmitting the signed message, the interceptor may be able to convince a recipient that he 

22 is the true sender. This is the so-called "man-in-the-middle" attack. 

23 In addition, known digital signatures arc subject to repudiation. A party may no 

24 longer wish to be bound by a disadvantageous agreement or may be subject to criminal or 

25 civil liability if he made the agreement. That party may simply deny sending a particular 

26 message. The party may claim that he did not intend to execute a transaction with a particular 

27 party but was instead the victim of a man-in-the-middle attack. 

28 With known digital signature techniques, the only information connecting the sender 

29 with the message is the database entry in the registry containing his public decrypting key and 

30 the identifying information. Thus, the sender may repudiate a transaction by claiming that his 

3 1 public decrypting key was registered without his authority. 
32 

33 
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1 SUMMARY OF THE INVENTION 

2 The present invention is directed to methods and apparatus for forming a digital 

3 certificate that provides positive user authentication and non-repudiation. It is an object of 

4 the present invention to provide a digital certificate for authenticating electronically 

5 transmitted documents which incorporates a unique characteristic of the sender, such as 

6 biological indicia that can only have come from the sender himself. 

7 Another object of the present invention is to provide a digital certificate that allows 

8 positive identification of the sender which cannot be repudiated. 

9 Yet another object of the present invention is to provide for encrypting an electronic 

10 message using a digital certificate based on biological indicia. 

1 1 Yet another object of the present invention is to provide a method for positively 

1 2 identifying the sender of an electronic message signed with a biologically-based digital 

13 certificate. 

14 Broadly, the present invention is directed to methods and apparatus for creating a 

1 5 digital certificate for use in electronic commerce which is based on biological indicia of the 

1 6 person providing the digital certificate such that the digital certificate provides positive 

1 7 identification of the sender and minimizes the ability of the sender to repudiate the 

1 8 authenticity of the certificate and any transaction embodied in an electronic document 

1 9 appended to the certificate. 

20 According to a first aspect of the present invention there is provided a user terminal, a 

21 certificate authority, and a remote registration terminal. A person, hereinafter called a 



22 registrant, wishing to obtain a digital certificate enters a data corresponding to a biological or 

23 physical characteristic of himself, for example, his chromosomal DNA, into a terminal. 

24 Preferably, the data is entered in digital form, but could be entered by optical imaging (e.g. a 

25 photograph or a scanned fingerprint, iris, or retina) which is then processed into digital form. 

26 The digital representation of the registrant's biological indicia is encrypted using the 

27 registrant's private key and sent to the certificate authority along with the registrant's public 

28 key. The certificate authority decrypts the digital representation and stores it. The registrant 

29 then visits a remote registration terminal in person with the digital representation and other 

30 identifying documents. The operator of the remote registration terminal verifies the identity 

3 1 of the registrant from the identifying documents and transmits the digitized representation to 

32 the certificate authority. The certificate authority compares the decrypted digital 

33 representation with the representation sent from the remote registration terminal. If a match 

3 
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1 is found, the certificate authority forms a certificate by signing the digital signature using the 

2 certificate authority's encrypting key. The certificate is stored in a database and is sent to the 

3 registrant. Preferably, the database is public with no restriction as to who may access the 

4 stored certificate data. Alternatively, access to the database may be restricted to, for example, 

5 employees of a particular corporation or government department, database subscribers, or 

6 members of a stock exchange. 

7 According to another aspect of the present invention, the registrant transmits a digital 



8 message including the certificate described above. The digital message is then encrypted 

9 with the registrant's private encrypting key. The party receiving the encrypted message 

1 0 decrypts the message using the registrant's public decrypting key. The receiving party 

1 1 inspects the message to verify that the appended certificate is valid and that the certificate was 

12 prepared by a reputable certificate authority by comparing the certificate with the information 



13 stored in the database. The reputation of the certificate authority provides some assurance 

14 that the message is genuine and that the sender will not later repudiate the message because 

1 5 his signature and identifying information are part of the certificate stored in the public 

16 database. 

17 If additional assurance that the registrant actually transmitted the message is desired, 



1 8 the receiving party can transmit the certificate to the certificate authority and request that the 

1 9 certificate be decrypted to extract the digitized representation. The digital representation is 

20 then compared with the digital representation originally submitted by the registrant. If even 

21 greater assurance is required, for example, where the registrant later attempts to repudiate the 

22 message, the digital representation can be compared with biological indicia of the registrant 

23 from which the digital signature was originally formed, 
24 



25 BRIEF DESCRIPTION OF THE DRAWINGS 

26 Further characteristics, features, and advantages of the present invention will be 

27 apparent upon consideration of the following detailed description of the present invention, 

28 taken in conjunction with the following drawings, in which like reference characters refer to 

29 like parts, and in which: 

30 Fig. 1 is a block diagram of a terminal used for forming a digital certificate according 

31 to a first embodiment of the present invention; 

32 Fig. 2 is a block diagram showing components connected by a communication 

33 network for forming a digital certificate according to the first embodiment; 

4 
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1 Fig. 3 is a block diagram showing the components of a registration process of a 

2 certificate authority used for forming a digital certificate according to the first embodiment; 

3 Fig. 4 is a block diagram showing a remote registration terminal for forming a digital 

4 certificate according to the first embodiment; 

5 Fig. 5 is a block diagram showing the certification process of the certificate authority 

6 for forming a certificate according to the first embodiment; 

7 Fig. 6 is a block diagram showing a terminal used for signing an electronic message 

8 with a digital certificate according to a second embodiment of the present invention; 

9 Fig. 7 is a block diagram showing a portion of a terminal for receiving and 

10 authenticating the electronic message signed with the digital certificate by the apparatus of 

1 1 Fig. 6 according to the second embodiment; 

12 Fig. 8 is a block diagram showing a validation process according to the second 

1 3 embodiment; 

14 Fig. 9 is a block diagram showing a digital key entry system according to a third 

1 5 embodiment of the present invention. 

16 DETAILED DESCRIPTION 

1 7 With reference to Figs. 1-5, a process for forming a digital certificate according to a 

1 8 first embodiment of the present invention will be described. A person wishing to obtain a 

19 certificate, hereinafter called the registrant, first visits a service provider to obtain a digitized 

20 representation of a biological characteristic of his or her body. This digitized characteristic 

21 will be referred to as a bio-blob. A bio-blob may be formed from, for example, a digitized 



22 image of the registrant's fingerprint, iris or retina or a digital representation of a marker plate 

23 prepared from the registrant's chromosomal DNA. Other physical characteristics may be 

24 used, depending on the degree of security desired. For example, an image of the registrant's 

25 footprint, handprint, dental x-ray or other distinguishing characteristic of the registrant's body 

26 may be used. The bio-blob may also be a combination of digitized images and other 

27 identifying indicia of the registrant and may include, for example, a password such as an 

28 alphanumeric string. The service provider may be a medical clinic equipped to handle and 

29 analyze biological samples. 

30 The service provider gives the registrant the bio-blob in digital form. The bio-blob 

3 1 may be provided on any of a number of digital media including a magnetic tape or disk, an 

32 optical disk, or a digital memory. A preferred medium for storing the bio-blob is a non- 
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1 volatile solid-state memory incorporated in a so-called smart card for convenience and 

2 portability. 

3 Note that in the figures "cylinders" illustrate data elements and "boxes" illustrate 

4 process functions. The data elements may be stored, for example, on magnetic or optical disk 

5 drives or in solid state memory devices. The process functions may be implemented by a 

6 general-purpose computer, for example, a personal computer, workstation, or mainframe 

7 computer, under the control of a software program. The functions described herein may also 

8 be performed by special purpose computing devices designed to perform specific data 

9 processing tasks, or by a combination of general purpose and special purpose processors. 

10 Fig. 1 shows a terminal 1 owned by or associated with the registrant. Alternatively, 

1 1 the terminal 1 may be a device owned by a third party which is provided for the registrants 

12 exclusive use in a manner explained below. The terminal 1 may be, for example, a computer 

13 workstation. The terminal 1 is connected with a reader 3. A data 2 containing the bio-blob 5 

1 4 produced by the service provider is inserted into the reader 3 and the bio-blob data 5 is 

1 5 transferred to the terminal 1 . The data 2 is preferably a smart card and the reader 3 is 

16 preferably a smart card reader, each of which is conventional in design and use. 

1 7 A hash function 7 receives the bio-blob data 5 and calculates a hashed bio-blob 9. 

1 8 The hashed bio-blob 9 is a fixed length string which is a compressed version of the original 

1 9 bio-blob data 5. The hash function 7 is selected so that the bio-blob 5 is efficiently converted 

20 to the hashed bio-blob 9, but it is infeasible to generate a bio-blob that hashes to a given 

21 value. If the integrity of the hashed bio-blob 9 is violated, because of transmission errors or 

22 intentional manipulation, a receiving device can detect the violation using known error 

23 detection techniques. 

24 A public/private key function 1 1 calculates a private 1 3 and public 1 5 key pair for the 



25 registrant. The key pair 13, 15 is designed to function with a so-called public-key algorithm. 

26 Messages encrypted with the private key 1 3 may be decrypted with the public key 1 5. 

27 However, knowledge of the public key 1 5 does not allow efficient calculation of the private 

28 key 1 3. For example, the key pair 13,15 may be generated to work in the so-called RSA 

29 algorithm. 



30 The hashed bio-blob 9 and the private key 1 3 are received by the signature function 

31 17. The signature function 1 7 signs the hashed bio-blob 9 by encrypting it with the private 

32 key 1 3 to generate the signature 19. The registrant enters identifying information into a 

33 registration form 16. The registration form 16 is an electronic document which queries the 

6 
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1 registrant for identifying information such as the registrant's name, social security number, 

2 mother's maiden name, address, and telephone number. The registration form 16 may be a 

3 so-called Hypertext Mark-up Language (HTML) page. 

4 The public key 1 5 is combined with the registration form 16 to create a message 1 8. 

5 The message 1 8 and the signature 1 9 arc formatted by the browser function 21 for 

6 transmission across a communication network 23 via a modem 22. The modem 22 formats 

7 the transmitted signal in a form which is compatible with the communication network. The 

8 communication network 23 may be, for example, an intranet, an internet or an extranet. The 

9 communication network 23 may be implemented, for example, using a public data network 

1 0 (PDN) or a private communication link, such as wide area network, a local area network, or a 

1 1 dedicated telephone line. The communication network 23 allows communication between 

12 and among the terminal 1 , a public directory 4, a certificate authority 25, a registration 

13 manager 43, and a receiving terminal 83. The certificate authority 25 includes a registration 

14 process 24 and a validation process 26. Fig. 2 shows the registrant's terminal 1 connected 

1 5 with the communication network 23. 

16 The message 1 8 and signature 19 are transmitted from the terminal 1 to the certificate 

1 7 authority 25. Fig. 3 shows the registration process 24 of the certificate authority 25 in detail. 

1 8 Digital signals are received from the communication network 23 by the modem 28 which 

19 sends the message 1 8 and signature 19 to the user input registration process 27. The user 

20 input registration process 27 parses the message 1 8 and signature 1 9 from the communication 

21 network 23. The public key 15, registration form 16, and signature 19 are stored in the input 

22 queue 29. The decryption process 3 1 retrieves the signature 1 9 and public key 1 5 from the 

23 input queue 29. The decryption process 3 1 decrypts the signature 1 9 using the public key 1 5 

24 to recover the hashed bio-blob 9. The hashed bio-blob 9 is then de-hashed by the de-hashing 

25 function 33 to recover the bio-blob 5. The bio-blob 5 is stored as a flat file in the bio-blob 

26 queue 35. 

27 The compare function 37 retrieves the bio-blob 5 from the bio-blob queue 35 and 

28 compares it with bio-blobs stored in the registered bio-blob database 39. The registered bio- 

29 blob database 39 contains bio-blobs from persons who have completed the registration 

30 process, as will be described later. Because the registrant has not yet completed the 

31 registration process, no match will be found by the compare function 37. The compare 

32 function 37 sends a command to the rejection process 41 which sends a message to the 
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1 terminal 1 via the communication network 23 instructing the registrant to complete the 

2 registration process. The bio-blob 5 remains in the bio-blob queue 35. 

3 The registrant goes to a remote registration terminal 43 with the smart card 2 

4 containing the digitized bio-blob 5 and physical identification which confirm the information 

5 entered in the registration form 16. The physical identification may be, for example, the 

6 registrants driver's license, passport, or other government-issued identification card. 

7 Preferably, the physical identification includes a photograph of the registrant. The remote 

8 registration terminal 43 is located at a service provider and the registrant must be physically 

9 present to be registered. An operator at the remote registration terminal 43 enters identifying 

10 information from the physical identification into a verification form 18. The verification 

1 1 form 1 8 may be an HTML page which queries the operator of the remote registration 

12 terminal for the same information requested by the registration form 1 6. 

13 Fig. 4 shows the remote registration terminal 43 in detail. The bio-blob 5 stored on 

14 the smart card 2 is read by a reader 45 and sent to the registration input process 47. The 

1 5 operator enters information to the verification form 18 using an input device 49. The input 

1 6 device 49 may be a keyboard or a pointing device coupled to a graphical user interface. The 

1 7 registration input process 47 combines the bio-blob 5 with the verification form 1 8 to 

1 8 generate a registration request 5 1 . The registration request 5 1 is formatted by the 

19 communication manager 53, transmitted by the modem 54 and sent to the registration process 

20 24 of the certificate authority 25 across the communication network 23. 

21 Referring again to Fig. 3, modem 28 receives the registration request 51 and sends it 

22 to the registration manager input process 55. The registration request 5 1 is stored in the 

23 registration queue 57. The registration process 59 retrieves the registration request 5 1 from 

24 the registration queue 57 and extracts the bio-blob 5. The bio-blob 5 is stored in the 

25 registered bio-blob database 39 along with the verification form 1 8. 

26 The compare function 37 compares each newly registered bio-biob in the registered 

27 bio-blob database 39 with the bio-blobs stored in the bio-blob queue 35. When the 

28 registrant's bio-blob 5 is found in both the bio-blob queue 35 and registered bio-blob database 

29 39, the compare function 37 sends a message to the certification process 61 indicating that a 

30 match has been found. The compare function 37 also compares the registration form 16 with 

3 1 the verification form 1 8 submitted from the remote registration terminal 43 to verify the 

32 identity of the registrant. 
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1 The certification process 61 is shown in detail in Fig. 5. When a message is received 

2 from the compare function 37 indicating a match between the bio-blob queue 35 and the 

3 registered bio-blob database 39, the registration form 16, public key 1 5, and signature 1 9 arc 

4 retrieved from the input queue 29. A key function 63 generates a certificate signing key 65 

5 and a certificate public key 67. The certification process 69 encrypts the signature 19 using 

6 the certificate authority's signing key 65. The encryption process 69 appends certificate 

7 authority identity information 70 to the encrypted signature 1 9. The identity information 70 

8 may be contained on an HTML page capable of supporting active links across the 

9 communication network 23. The encrypted signature 19 and identity information 70 form the 

10 certificate 71. The certificate 71 is sent to the registrant's terminal 1 via the communication 

1 1 network 23. The certificate 71 is also stored in certificate archive 73 along with the 

1 2 certificate authority's public key 67. 

1 3 The certificate 71 is sent to a public directory 4 via the communication network 23. 

14 According to a preferred embodiment, any terminal connected to the communication network 

1 5 23 may read the public directory 4. Alternatively, access to the directory 4 may be limited to 

16 certain authorized persons. The public directory 4 contains all the valid certificates for each 

1 7 registrant on the communication network 23. The public directory 4 also contains a list of 

1 8 certificates that are no longer valid. Parties can compare certificates received with electronic 

19 documents against the certificates stored in the public directory 4 via the communication 

20 network 23 to determine if a document includes a valid certificate. The identity information 

21 70 in each certificate may include an active link to the public directory 4 allowing a party to 

22 access the valid certificates and list of invalid certificates conveniently. 

23 There is an advantage in having the digital signature 1 9 prepared at the registrant's 

24 terminal 1 and then having the registrant register in person at the remote registration terminal 

25 43 using his bio-blob 5. The registrant maintains control over the key pair 1 3, 1 5 , as well as 

26 his bio-blob 5 stored on the smart card 2, which were used to prepare the signature 19 that 

27 forms the basis for the certificate 71 . The registrant cannot later claim that a certificate 71 

28 was prepared without his authorization. 

29 If the key pair 13, 1 5 or the smart card 2 are disclosed to others, the registrant must 

30 inform the public directory 4 to add the certificate 71 to the list of invalid certificates. A new 

3 1 certificate will have to be prepared. If another party receives an electronic document signed 

32 using the now invalid certificate, that party will know that the document cannot be relied 

33 upon. 

9 
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1 Figs. 6, 7, and 8 show an apparatus for sending signed electronic messages via the 

2 communication network 23 according to a second embodiment of the present invention. Fig. 

3 6 shows the process of sending a message from the registrant's terminal 1 using the certificate 

4 71. A transaction message 75 is formed including, for example, a contract the user wishes to 

5 execute with the operator of the receiving terminal 83. The encryption process 77 joins the 

6 transaction message 75 with the certificate 71 and encrypts the result using the registrant's 

7 private key 1 3 to form the signed message 79. The signed message 79 is transmitted by the 

8 modem 80 and sent via the communication network 23 to a receiving terminal 83. 

9 Fig. 7 shows the authentication of the signed message 79 by the receiving terminal 83. 

1 0 The signed message 79 is received by the modem 76 and is decrypted by the decryption 

1 1 process 85 using the registrant's public key 1 5 thereby recovering the transaction message 75 

12 and the certificate 71 . An authentication process 87 inspects the identity information 70 

1 3 which is part of the certificate 7 1 . The authentication process 87 accesses the public directory 

14 4 via the communication network 23 to verify that the certificate 71 is valid. According to a 

1 5 preferred embodiment an active link to the public directory 4 embedded in the identity 

1 6 information 70 simplifies this process. For transactions where there is little risk that a 

1 7 message is fraudulent, simply verifying that the sender has a valid certificate 71 from a 

1 8 reputable certificate authority 25 is sufficient to proceed with the transaction. 

1 9 An additional level of security can be obtained by recovering the bio-blob 5 from the 

20 certificate 71 and comparing it with the bio-blob 5 encrypted within the certificate 71 stored 

21 in the public directory 4. Fig. 8 shows a validation process 26 performed by the certificate 

22 authority 25. The certificate authority public key 67 is retrieved from the certificate archive 

23 73 and is used by the decryption process 72 to decrypt the certificate 7 1 to extract the digital 

24 signature 19. The registrant's public key 15 is then used by the decryption process 74 to 

25 decrypt the signature 19 to extract the hashed bio-blob 9. The hashed bio-blob 9 is dehashed 

26 by the dehash process 76 to extract the bio-blob 5. The compare function 37 retrieves the 

27 bio-blob 5 that was stored in the registered bio-blob database 39 during the registration 

28 process and compares it with the bio-blob 5 extracted from the certificate 71 . 

29 The identity of the person sending the message may be positively confirmed by 

30 comparing the bio-blob 5 extracted from the certificate 7 1 to an actual biological feature of 

3 1 the person alleged to have sent the message. For example, if the bio-blob 5 were a digital 

32 representation of a DNA marker plate prepared from the registrant's tissue, then a similar 

33 marker plate could be prepared from tissue taken from the alleged sender's body. If the bio- 

10 
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1 blob 5 matches the alleged sender's marker plate then it is virtually certain that the sender is 

2 the registrant. 

3 The digital certificate 7 1 described above may be used to authenticate electronic 

4 document 75 transmitted between remote parties via a communication network 23. However, 

5 the invention is not limited to this type of communication. The digital certificate 71 

6 according to the present invention is applicable to any type of digital message where non- 

7 repudiation and positive identification are required. Fig. 9 illustrates a third embodiment of 

8 the present invention where the digital certificate 71, formed according to the first 

9 embodiment, is incorporated into a key access card 91 to be used, for example, by an 

1 0 employee to gain access to a restricted area of an employer's building. The digital certificate 

11 71 is stored in a memory on the card 91 along with conventional identifying information such 

12 as the employee's name 92. The memory may be a solid-state device, a magnetic strip, a 

1 3 pattern of marks or another known technique for storing digital data. The registrant, for 

14 example, an employee seeking access to a restricted area, presents the card 91 to a card reader 

15 93. The reader 93 retrieves the certificate 7 1 and name 92 from the card 91 and 

16 communicates them to a processor 97 via an internal network 95. The processor 97 compares 

1 7 the certificate 71 with a database of valid certificates 101 and if a match is found, the 

1 8 employee is allowed access. The employee name 92 and certificate 71 are stored in an access 

19 database 99 by the processor 97. Routine reports of access activity can be generated based on 

20 the employee name 92 alone. If positive proof that a particular employee entered the 

21 restricted area, for example where a crime has been committed, the digital certificate 71 can 

22 be retrieved from the access database 99 and the bio-blob 5 encoded therein can be compared 

23 with the biological indicia of the employee. 

24 The above embodiments are illustrative of the present invention. While these are 

25 presently considered the most practical and preferred embodiments, it is to be understood 

26 that the invention is not limited by this disclosure. This invention is intended to cover various 

27 modifications and equivalent arrangements included within the spirit and scope of the 

28 invention, as will be apparent to a person of ordinary skill in the art. 
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1 We claim: 

2 1. A digital certificate comprising: 

3 a digitized biological indicium encrypted with a first encrypting key and encrypted 

4 with a second encrypting key, the second encrypting key being generated by a certificate 

5 authority; and 

6 certificate authority identity information, wherein the biological indicium uniquely 

7 identifies a registrant. 
8 

9 2. The certificate according to claim 1 wherein the first encrypting key is generated at a 

1 0 terminal remote from the certificate authority, the terminal being associated with the 

1 1 registrant. 
12 

13 3. The certificate according to claim 1 wherein the certificate authority identity 

14 information includes an active link to a registry of valid certificates. 
15 

16 4. The certificate according to claim 3 wherein the registry further comprises a list of 

17 invalid certificates. 
18 

19 5. An electronic document comprising: 

20 message information and a digital certificate, wherein the digital certificate includes a 

21 digitized biological indicium, the biological indicium uniquely identifying a registrant. 
22 

23 6. The document according to claim 5 wherein the digital certificate is stored in a 

24 database by a certificate authority. 
25 

26 7. The document according to claim 5 wherein the digitized biological indicium is 

27 encrypted by the registrant using a first encrypting key and encrypted by the certificate 

28 authority using a second encrypting key. 
29 

30 8. A data card comprising: 

31 a memory; 

32 information stored in the memory identifying a registrant; and 
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1 a digital certificate stored in the memory, wherein the digital certificate includes a 

2 digitized biological indicium, the biological indicium uniquely identifying the registrant. 
3 

4 9. The data card according to claim 8 further comprising: 

5 a reader connected to the memory; 

6 a certificate database containing a verified copy of the digital certificate; 

7 an access database; and 

8 a processor connected to the reader, the certificate database and the access database, 

9 wherein the processor commands the reader to read the digital certificate and the identifying 

10 information from the memory, compares the digital certificate from the memory with the 

1 1 verified copy in the certificate database and stores the identifying information in the access 

12 database. 
13 

14 10. A method for forming a certificate for authentication of electronic messages, the 

1 5 method comprising: 

16 providing a digital representation of a biological indicium of a registrant; 

1 7 first encrypting the digital representation to form a digital signature; 

1 8 transmitting the digital signature to a certificate authority; and 

19 second encrypting the digital signature by the certificate authority to form the 

20 certificate. 
21 

22 11. The method according to claim 1 0 further comprising hashing the digital 

23 representation prior to the step of first encrypting. 
24 

25 1 2. The method according to claim 1 0 further comprising providing the biological 

26 indicium as an optical image. 
27 

28 1 3. The method according to claim 12 further comprising providing the optical image as 

29 an image of a fingerprint of the registrant. 
30 

31 14. The method according to claim 12 further comprising providing the optical image as 

32 an image of an iris of an eye of the registrant. 
33 
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1 15. The method according to claim 12 further comprising providing the optical image as 

2 an image of the retina of an eye of the registrant. 
3 

4 1 6. The method according to claim 1 0 further comprising providing the biological 

5 indicium as a feature of a biochemical substance extracted from a tissue sample of the 

6 registrant. 
7 

8 1 7. The method according to claim 16 wherein the biochemical substance includes 

9 chromosomal deoxyribonucleic acid. 
10 

11 18. The method according to claim 10 wherein the step of first encrypting comprises 

1 2 forming a first encrypting key according to a public key algorithm and encrypting the 

1 3 digitized representation using the first encrypting key, and wherein the step of second 

14 encrypting comprises forming a second encrypting key according to the public key algorithm 

1 5 and encrypting the signature using the second encrypting key. 
16 

17 19. The method according to claim 1 8 further comprising providing a workstation in the 

1 8 custody of the registrant and performing at least one of the first encrypting step and the 

1 9 second encrypting step at the workstation. 
20 

21 20. The method according to claim 10 further comprising: 

22 entering information identifying the registrant; 

23 appending the identifying information to the digital signature; 

24 verifying the entered identifying information at a remote registration terminal to 

25 generate verification information; and 

26 transmitting the verification information from the remote registration terminal to the 

27 certificate authority. 
28 

29 21 . A certificate formed by the method of claim 10. 
30 

31 22. A method of authenticating an electronic document, the method comprising: 

32 providing a digitized biological indicium of a registrant; 

33 first encrypting the digitized biological indicium to form a digital signature; 
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1 authenticating the digital signature; 

2 second encrypting the digital signature to form a certificate; 

3 storing the certificate in a registry; 

4 appending the certificate to the electronic document to form a signed document; 

5 transmitting the signed document to a receiving terminal by an electronic transmission 

6 means; 

7 extracting the certificate from the transmitted signed document; and 

8 comparing the extracted certificate with the certificate stored in the registry. 
9 

10 23. A signed document formed by the steps of providing, first encrypting, authenticating, 

1 1 second encrypting, storing and appending according to the method of claim 22. 
12 

1 3 24. The method according to claim 22 wherein the step of first encrypting comprises: 

14 forming a first private encrypting key and a first public decrypting key and encrypting 

1 5 the digitized biological indicium using the first private encrypting key, and wherein the step 

1 6 of storing the certificate comprises storing the first public decrypting key in the registry. 
17 

1 8 25. The method according to claim 22 wherein the step of authenticating comprises: 

19 storing the digitized biological indicium on a storage medium; 

20 transmitting the digital signature to a certificate authority from a registrant terminal; 

2 1 decrypting the digital signature to extract the digitized biological indicium; 

22 registering the registrant by entering identifying information provided by the 

23 registrant into a registration terminal; 

24 retrieving the digitized biological indicia from the storage medium by the registration 

25 terminal; 

26 transmitting the identifying information and the digitized biological indicium to the 

27 certificate authority from the registration terminal; and 

28 comparing the transmitted digitized biological indicium with the digitized biological 

29 indicium extracted by the certificate authority. 
30 

3 1 26. The method according to claim 22 wherein the step of second encrypting comprises 

32 generating a second private encrypting key and a second public decrypting key by the 

33 certificate authority and encrypting the digital signature using the second private encrypting 
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1 key and wherein the step of storing the certificate comprises storing the second public 

2 decrypting key in the registry. 
3 

4 27. The method according to claim 26 further comprising: 

5 retrieving the second public decrypting key from the registry; 

6 decrypting the certificate using the second public decrypting key to obtain the digital 

7 signature; 

8 decrypting the digital signature using the first public decrypting key to extract the 

9 digitized representation; and 

1 0 comparing the extracted digitized representation with the biological indicium of the 

1 1 registrant. 
12 

13 28. The method according to claim 22 further comprising providing the biological 

1 4 indicium as an optical image. 
15 

16 29. The method according to claim 28 further comprising providing the optical image as 

1 7 an image of a fingerprint of the registrant. 
18 

19 30. The method according to claim 28 further comprising providing the optical image as 

20 an image of an iris of eye of the registrant. 
21 

22 31. The method according to claim 28 further comprising providing the optical image as 

23 an image of the retina of an eye of the registrant. 
24 

25 32. The method according to claim 22 further comprising providing the biological 

26 indicium as a feature of a biochemical substance extracted from a tissue sample of the 

27 registrant. 
28 

29 33. The method according to claim 32 wherein the biochemical substance includes 

30 chromosomal deoxyribonucleic acid. 
31 

32 
33 
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1 34. An apparatus for forming a certificate comprising: 

2 a storage medium containing a digital representation of a biological indicium of a 

3 registrant; 

4 a terminal including: 

5 input means for reading the storage medium and for inputting the digital 

6 representation; 

7 first encrypting means for encrypting the digitized representation to form a digital 

8 signature; and 

9 transmitting means for transmitting the digital signature; and 

1 0 a certificate authority, the certificate authority including: 

1 1 receiving means for receiving the transmitted digital signature; 

1 2 decrypting means for decrypting the digital signature to extract the digital 

1 3 representation; 

14 authenticating means for verifying that the biological indicium represented by the 

1 5 digital representation corresponds to the registrant; and 

1 6 second encrypting means for encrypting the digital signature to form the certificate. 
17 

18 35. The apparatus according to claim 34 wherein the user workstation includes 

19 hashing means for hashing the digital representation. 
20 

21 36. The apparatus according to claim 34 wherein the transmitting means includes a 

22 communication network. 
23 

24 37. The apparatus according to claim 36 wherein the authenticating means includes a 

25 remote registration terminal connected with the certificate authority via the communication 

26 network. 
27 

28 38. The apparatus according to claim 37 wherein the remote registration terminal includes 

29 a reader for reading the digital representation from the storage medium and input means for 

30 inputting information identifying the registrant. 
31 



32 
33 



17 



WO 00/07330 



PCI7US99/16909 



1 39. An apparatus for forming a certificate comprising: 

2 a communication network; 

3 a memory containing a digital representation of a biological indicium of a registrant; 

4 a terminal including: 

5 a reader responsive to the memory to capture the digital representation; 

6 a first encrypting processor connected with the reader; and 

7 a first modem connected with the first encrypting processor, wherein the first 

8 encrypting processor encrypts the digital representation retrieved from the memory to form a 

9 digital signature and causes the first modem to transmit the digital signature via the 

1 0 communication network; and 

1 1 a certificate authority, the certificate authority including: 

1 2 a second modem connected with the communication network, wherein the second 

1 3 modem receives the digital signature from the communication network; 

14 a decrypting processor connected with the second modem, wherein the decrypting 

1 5 processor receives the digital signature from the second modem and decrypts the digital 

1 6 signature to recover the digital representation; 

1 7 a comparator connected to the decrypting processor, wherein the comparator receives 

1 8 the digital representation from the decrypting processor and compares the digital 

1 9 representation with a verified digital signature and, if a match is found between the digital 

20 signature and the verified digital signature, the comparator generates an authenticated signal; 

21 and 

22 a second encrypting processor connected with the comparator and responsive to the 

23 authenticated signal, wherein, in response to the authenticated signal, the second encrypting 

24 processor encrypts the digital signature thereby forming a digital certificate. 
25 

26 40. An apparatus for forming a certificate for authentication of electronic messages, the 

27 apparatus comprising: 

28 a digital representation of a biological indicium of a registrant; 

29 first encrypting means for encrypting the digital representation to form a digital 

30 signature; 

3 1 data collection means for entering identifying information about the registrant; 

32 appending means for appending the identifying information to the digital signature; 

33 transmitting means for transmitting the digital signature to a certificate authority; and 
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second encrypting means for encrypting the digital signature by the certificate 
authority to form the certificate. 

41. An apparatus for authenticating an electronic document, the apparatus comprising: 
a digitized biological indicium of a registrant; 

first encrypting means for encrypting the digitized biological indicium to form a 
digital signature; 

authenticating means for authenticating the digital signature; 

second encrypting means for encrypting the digital signature to form a certificate; 

a memory for storing the certificate in a registry; 

appending means for appending the certificate to the electronic document to form a 
signed document; 

transmitting means for transmitting the signed document to a receiving terminal; 
extracting means for extracting the certificate from the transmitted signed document; 

and 

comparing means for comparing the extracted certificate with the certificate stored in 
the registry. 
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